Difference between revisions of "Upside Down Ternet"

From ArchWiki
Jump to: navigation, search
m (codeline -> ic)
m (Starting: Fix daemons style)
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
[[Category:Networking (English)]]
+
[[Category:Networking]]
This is a HowTo on creating a transparent Squid proxy server using mogrify to flip the images upside down.
+
This article explains how to create a transparent Squid proxy server using mogrify to flip the images upside down.  
  
== Preparation ==
+
== Installation ==
  
Install these packages to get things started
+
[[pacman|Install]] the {{Pkg|squid}}, {{Pkg|apache}} and {{Pkg|imagemagick}} packages from the [[Official Repositories|official repositories]].
 
+
pacman -S squid apache imagemagick
+
 
+
ImageMagick contains mogrify and is only needed if you do not already have it.  
+
  
 
== Configuration ==
 
== Configuration ==
  
Create flip.pl and place it in your {{Ic|/usr/local/bin}} folder
+
Create {{ic|flip.pl}} and place it in your {{Ic|/usr/local/bin}} folder
<pre>
+
{{hc|/usr/local/bin/flip.pl|<nowiki>
 
#!/usr/bin/perl
 
#!/usr/bin/perl
 
$|=1;
 
$|=1;
Line 43: Line 39:
 
       $count++;
 
       $count++;
 
}
 
}
</pre>
+
</nowiki>}}
  
 
Now we need to modify the permissions so that it's executable
 
Now we need to modify the permissions so that it's executable
  
chmod 755 /usr/local/bin/flip.pl
+
{{bc|# chmod 755 /usr/local/bin/flip.pl}}
  
 
Next, while not necessary, does clean up the Squid config file a lot making it easier on the eyes
 
Next, while not necessary, does clean up the Squid config file a lot making it easier on the eyes
  
sed -i "/^#/d;/^ *$/d" /etc/squid/squid.conf
+
{{bc|# sed -i "/^#/d;/^ *$/d" /etc/squid/squid.conf}}
  
 
Now, edit your squid.conf file and append this to the bottom
 
Now, edit your squid.conf file and append this to the bottom
 
+
{{hc|squid.conf|
url_rewrite_program /usr/local/bin/flip.pl
+
url_rewrite_program /usr/local/bin/flip.pl
 +
}}
  
 
Also find the line for {{Ic|http_port}} and make it now read
 
Also find the line for {{Ic|http_port}} and make it now read
 
+
{{hc|squid.conf|
http_port 3128 transparent
+
http_port 3128 transparent}}
  
 
Finally, we have to create the folders for the images to be flipped in and set their permissions
 
Finally, we have to create the folders for the images to be flipped in and set their permissions
  
 
''The directory where the images are to be stored must be owned by the proxy user.''
 
''The directory where the images are to be stored must be owned by the proxy user.''
 
+
{{bc|
mkdir /srv/http/images
+
# mkdir /srv/http/images
chown proxy:proxy /srv/http/images
+
# chown proxy:proxy /srv/http/images
chmod 755 /srv/http/images
+
# chmod 755 /srv/http/images
 
+
}}
 
Finally, add the http user to the proxy group
 
Finally, add the http user to the proxy group
  
usermod -aG proxy http
+
{{bc|# usermod -aG proxy http}}
  
 
Verify that the http user is a member of the proxy group
 
Verify that the http user is a member of the proxy group
  
groups proxy
+
{{bc|# groups proxy}}
 
or
 
or
id -Gn proxy
+
{{bc|# id -Gn proxy}}
  
== Starting ==
+
=== Router Setup ===
  
Make sure you start both apache and squid with
+
You will need to edit [[iptables]] on your router or gateway to redirect http traffic to your proxy.
 
+
/etc/rc.d/httpd start
+
/etc/rc.d/squid start
+
 
+
If you simply want to reload squid with the new config:
+
/etc/rc.d/squid reload
+
 
+
== Router Setup ==
+
 
+
You will need to edit {{Ic|iptables}} on your router or gateway to redirect http traffic to your proxy.
+
  
 
If you have DD-WRT on your router, this is easily done by going to Administration -> Commands and pasting the following into the box.
 
If you have DD-WRT on your router, this is easily done by going to Administration -> Commands and pasting the following into the box.
  
#!/bin/sh
+
{{bc|<nowiki>
PROXY_IP=192.168.1.
+
#!/bin/sh
PROXY_PORT=3128
+
PROXY_IP=192.168.1.
LAN_IP=`nvram get lan_ipaddr`
+
PROXY_PORT=3128
LAN_NET=$LAN_IP/`nvram get lan_netmask`
+
LAN_IP=`nvram get lan_ipaddr`
iptables -t nat -A PREROUTING -i br0 -s $LAN_NET -d $LAN_NET -p tcp --dport 80 -j ACCEPT
+
LAN_NET=$LAN_IP/`nvram get lan_netmask`
iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_IP -p tcp --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT
+
iptables -t nat -A PREROUTING -i br0 -s $LAN_NET -d $LAN_NET -p tcp --dport 80 -j ACCEPT
iptables -t nat -I POSTROUTING -o br0 -s $LAN_NET -d $PROXY_IP -p tcp -j SNAT --to $LAN_IP
+
iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_IP -p tcp --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT
iptables -I FORWARD -i br0 -o br0 -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT
+
iptables -t nat -I POSTROUTING -o br0 -s $LAN_NET -d $PROXY_IP -p tcp -j SNAT --to $LAN_IP
 +
iptables -I FORWARD -i br0 -o br0 -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT
 +
</nowiki>}}
  
== Links and Sources ==
+
== Starting ==
[http://www.ex-parrot.com/pete/upside-down-ternet.html Original Upside-Down-Ternet Link]
+
Configure {{ic|httpd.service}} and {{ic|squid.service}} to start on boot.
 
+
[https://help.ubuntu.com/community/Upside-Down-TernetHowTo Ubuntu HowTo]
+
  
[http://www.dd-wrt.com/wiki/index.php/Squid_Transparent_Proxy Transparent Proxy with DD-WRT]
+
Read [[Daemons]] for more information.
  
[http://xkcd.com/341/ Upside-Down-Ternet XKCD]
+
== See also ==
 +
* [http://www.ex-parrot.com/pete/upside-down-ternet.html Original Upside-Down-Ternet Link]
 +
* [https://help.ubuntu.com/community/Upside-Down-TernetHowTo Ubuntu HowTo]
 +
* [http://www.dd-wrt.com/wiki/index.php/Squid_Transparent_Proxy Transparent Proxy with DD-WRT]
 +
* [http://xkcd.com/341/ Upside-Down-Ternet XKCD]

Revision as of 06:14, 22 December 2012

This article explains how to create a transparent Squid proxy server using mogrify to flip the images upside down.

Installation

Install the squid, apache and imagemagick packages from the official repositories.

Configuration

Create flip.pl and place it in your /usr/local/bin folder

/usr/local/bin/flip.pl
#!/usr/bin/perl
$|=1;
$count = 0;
$pid = $$;
while (<>) {
       chomp $_;
       if ($_ =~ /(.*\.jpg)/i) {
               $url = $1;
               system("/usr/bin/wget", "-q", "-O","/srv/http/images/$pid-$count.jpg", "$url");
               system("/usr/bin/mogrify", "-flip","/srv/http/images/$pid-$count.jpg");
               print "http://127.0.0.1/images/$pid-$count.jpg\n";
       }
       elsif ($_ =~ /(.*\.gif)/i) {
               $url = $1;
               system("/usr/bin/wget", "-q", "-O","/srv/http/images/$pid-$count.gif", "$url");
               system("/usr/bin/mogrify", "-flip","/srv/http/images/$pid-$count.gif");
               print "http://127.0.0.1/images/$pid-$count.gif\n";
       }
       elsif ($_ =~ /(.*\.png)/i) {
               $url = $1;
               system("/usr/bin/wget", "-q", "-O","/srv/http/images/$pid-$count.png", "$url");
               system("/usr/bin/mogrify", "-flip","/srv/http/images/$pid-$count.png");
               print "http://127.0.0.1/images/$pid-$count.png\n";
       }
       else {
               print "$_\n";;
       }
       $count++;
}

Now we need to modify the permissions so that it's executable

# chmod 755 /usr/local/bin/flip.pl

Next, while not necessary, does clean up the Squid config file a lot making it easier on the eyes

# sed -i "/^#/d;/^ *$/d" /etc/squid/squid.conf

Now, edit your squid.conf file and append this to the bottom

squid.conf
url_rewrite_program /usr/local/bin/flip.pl

Also find the line for http_port and make it now read

squid.conf
http_port 3128 transparent

Finally, we have to create the folders for the images to be flipped in and set their permissions

The directory where the images are to be stored must be owned by the proxy user.

# mkdir /srv/http/images
# chown proxy:proxy /srv/http/images
# chmod 755 /srv/http/images

Finally, add the http user to the proxy group

# usermod -aG proxy http

Verify that the http user is a member of the proxy group

# groups proxy

or

# id -Gn proxy

Router Setup

You will need to edit iptables on your router or gateway to redirect http traffic to your proxy.

If you have DD-WRT on your router, this is easily done by going to Administration -> Commands and pasting the following into the box.

#!/bin/sh
PROXY_IP=192.168.1.
PROXY_PORT=3128
LAN_IP=`nvram get lan_ipaddr`
LAN_NET=$LAN_IP/`nvram get lan_netmask`
iptables -t nat -A PREROUTING -i br0 -s $LAN_NET -d $LAN_NET -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_IP -p tcp --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT
iptables -t nat -I POSTROUTING -o br0 -s $LAN_NET -d $PROXY_IP -p tcp -j SNAT --to $LAN_IP
iptables -I FORWARD -i br0 -o br0 -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT

Starting

Configure httpd.service and squid.service to start on boot.

Read Daemons for more information.

See also